It's a little cloudy to say that both are different items in a SOHO environment and the firmware/software engines that run hardware against that of software on your computer with their multi-layered detection modules may seem to have similar traits to the average user.

I'm almost confusing myself. Hope it helps clear it up a little though as terminology and language gets a little over board at times.--The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke

My simplistic explanation would be for example a program such as ThreatFire (behavior blocker) which would monitor for code that might be malware related (heuristic) versus a program like Faronics Anti-Executable (HIPS) which prevents all non-white listed exe and dll files from running on your PC without your permission.

In addition, the Behavior Blocker can monitor and stop any of the following actions:

Installation of new drivers and services Any kind of process manipulation like DLL-injection, code-injection, patching, termination, etc. Installation of new BHOs (Browser Helper Objects) Changes to your Internet Explorer configuration Hidden installations of software Changes to your Hosts file (redirects domains) Installations of debuggers on the system

So in a very BROAD sense, you could argue this is a HIPS in that it resides on and protects on an endhost,but truth to tell it's all semantics to me. If you are security conscious, keep in mind the following truisms :

a) security is a PROCESS not a productb) if it can be made by human hands, it can be broken by human handsc) security is best designed and done in multiple (decoupled) layers